revert: 未登录时访问 /is-login 设置 code 401

framework/gateway/src/main/java/io/metersphere/gateway/filter/AuthFilter.java

@@ -1,50 +0,0 @@
-package io.metersphere.gateway.filter;
-
-import io.metersphere.commons.constants.SessionConstants;
-import io.metersphere.commons.utils.JSON;
-import io.metersphere.commons.utils.RsaKey;
-import io.metersphere.commons.utils.RsaUtil;
-import io.metersphere.controller.handler.ResultHolder;
-import org.springframework.core.io.buffer.DataBuffer;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.stereotype.Component;
-import org.springframework.web.server.ServerWebExchange;
-import org.springframework.web.server.WebFilter;
-import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
-
-import java.nio.charset.StandardCharsets;
-import java.security.NoSuchAlgorithmException;
-
-@Component
-public class AuthFilter implements WebFilter {
-
-    @Override
-    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-        // 放行不是 /is-login 的接口
-        if (!exchange.getRequest().getURI().getRawPath().equals("/is-login")) {
-            return chain.filter(exchange);
-        }
-
-        RsaKey rsaKey = null;
-        try {
-            rsaKey = RsaUtil.getRsaKey();
-        } catch (NoSuchAlgorithmException e) {
-        }
-        // 从请求头中获取Auth Token
-        String authToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.HEADER_TOKEN);
-        String csrfToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.CSRF_TOKEN);
-        if (authToken == null || csrfToken == null) {
-            // 将错误信息转换为JSON格式
-            byte[] body = JSON.toJSONString(ResultHolder.error(rsaKey.getPublicKey())).getBytes(StandardCharsets.UTF_8);
-            // 设置响应体和响应类型
-            exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
-            exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
-            DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(body);
-            return exchange.getResponse().writeWith(Mono.just(buffer));
-        } else {
-            return chain.filter(exchange);
-        }
-    }
-}

framework/sdk-parent/frontend/src/business/login/index.vue

@@ -209,6 +209,10 @@ export default {
         this.form.authenticate = authenticate;
       }
     }
+    let url = localStorage.getItem('oidcLoginUrl');
+    if (url) {
+      window.location.href = url;
+    }
   },
 
   destroyed() {
@@ -337,6 +341,10 @@ export default {
           if (source.type === 'OIDC') {
             url = config.authUrl + "?client_id=" + config.clientId + "&redirect_uri=" + redirectUrl +
               "&response_type=code&scope=openid+profile+email&state=" + authId;
+            // 保存一个登录地址，禁用本地登录
+            if (config.loginUrl) {
+              localStorage.setItem('oidcLoginUrl', config.loginUrl);
+            }
           }
           if (source.type === 'OAuth2') {
             url = config.authUrl

framework/sdk-parent/frontend/src/plugins/request.js

@@ -83,7 +83,7 @@ const checkAuth = response => {
     clearLocalStorage();
     return;
   }
-  if (response.headers["authentication-status"] === "invalid") {
+  if (response.headers["authentication-status"] === "invalid" || response.status === 401) {
     clearLocalStorage();
   }
 }
@@ -110,13 +110,6 @@ instance.interceptors.response.use(response => {
 }, error => {
   let msg;
   if (error.response && error.response.headers) {
-    // 仅处理 /is-login
-    if (error.response.status === 401
-      && error.response.data.success === false
-      && error.response.request.responseURL.endsWith("/is-login")) {
-      return Promise.reject(error.response.data);
-    }
-
     // 判断错误标记
     if (error.response.status === 402) {
       if (error.response.headers['redirect']) {

framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java

@@ -52,7 +52,7 @@ public class LoginController {
 
 
     @GetMapping(value = "/is-login")
-    public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId, HttpServletResponse response) throws Exception {
+    public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId) throws Exception {
         RsaKey rsaKey = RsaUtil.getRsaKey();
         Object user = redisIndexedSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user");
         if (user != null) {
@@ -69,8 +69,6 @@ public class LoginController {
             }
             return ResultHolder.success(sessionUser);
         }
-        // 没登录状态码返回401
-        response.setStatus(401);
         return ResultHolder.error(rsaKey.getPublicKey());
     }
 

system-setting/frontend/src/business/system/setting/MxAuth.vue

@@ -167,6 +167,21 @@
               </el-form-item>
             </el-col>
           </el-row>
+          <el-row>
+            <el-col>
+              <el-form-item prop="configuration.loginUrl">
+                <template v-slot:label>
+                  Login Endpoint
+                  <el-tooltip content="Login URL: https://cloud2.metersphere.com, 输入后将自动转到第三方登录页面"
+                              effect="light"
+                              trigger="hover">
+                    <i class="el-icon-info"></i>
+                  </el-tooltip>
+                </template>
+                <el-input v-model="form.configuration.loginUrl"/>
+              </el-form-item>
+            </el-col>
+          </el-row>
           <el-row>
             <el-col>
               <el-form-item label="Secret"